Moscow-based computer security company Kaspersky Lab has revealed that several new and sophisticated social engineering techniques were used by spammers in September to trick unsuspecting users.
Chief among the tricks are phishing mails with McDonald’s survey and direct threats as subject lines.
Kaspersky said that several users received a message that appears to be from McDonald’s. It states that the recipient has won the chance to participate in a survey and will get $80 for doing so.
The company said , "The user follows the link, finds himself on a page with a customer satisfaction survey form and fills it in. After submitting the survey, he is redirected to a further form asking for full credit card details to process the promised $80 payment. Of course, the information is likely to be used to clean out the user’s account, rather than pay any cash."
Kaspersky said that the volume of spam in mail traffic in September 2011 decreased slightly compared to August and averaged 78.5%.
The month also saw spammers exploiting rumours of the new financial crisis in the subject lines and contents of September’s spam. It was a month rich in messages offering dubious get-rich-quick schemes, promoting legal or consulting services as well as notorious ‘Nigerian letters’ with offers of "anti-crisis" loans, said Kaspersky.
Spammers had resorted to similar tactics during the 2008-09 crisis when financial instability strongly influenced their activities.
Another method was a modification of a tactic used in August where a message with an archived malicious attachment read like a short official message, but was wrongly encoded. This played on the recipients’ curiosity, tempting them to open the attachment.
Malicious users also used intimidation and threats. Kaspersky said that "one Nigerian email contained a very direct threat: the message claims to be from a contract killer with orders to murder the recipient. But for $8,000 the assassin is willing to spare the intended victim, and even betray his paymaster."
A more effective social engineering trick was an email threatening legal action against the user for distributing spam containing malware.
Kaspersky Lab senior spam analyst Maria Namestnikova said, "Recipients of this type of email should not panic."
"It’s rare for such emails to include personal data about the user or any information about the supposed plaintiff. These are the giveaway signs of a fraudulent email aiming to install malicious executable files on personal computers."
